Washington D.C. – (AFPS)
– June 27, 2013 – Hard work by the administration, the services and the
leadership at U.S. Cyber Command is putting in place elements crucial to
defending U.S. and allied interests in cyberspace, the deputy assistant
secretary of defense for cyber policy said in a recent interview.

Eric Rosenbach cited Defense Department progress in creating
a concept for operating in the newest warfare domain, building and training a
joint cyber force, and updating the standing rules of engagement for operating
in cyberspace to align with Presidential Policy Directive 20, or PPD-20, on
cyber operations.

Without naming specific countries, Rosenbach also said that
senior DOD officials have made a conscious decision to expand the traditional
U.S. circle of allied engagement to “key regions” to defend common interests in
cyberspace.

“Through an intense deliberative process, the [most senior]
leadership in the department decided that we needed to make a significant
investment in the people who would constitute the cyber force,” the deputy
assistant secretary told American Forces Press Service. “The investment is going
into a structure that is now more defined than it ever was in the past, and this
has been helpful in having everyone in the department understand what the
missions will be for the new influx of personnel.”

From now until at least fiscal year 2016, each service will
contribute teams of fully trained cyber warriors to U.S. Cyber Command, which
has three operational focus areas: defending the nation, supporting the
combatant commands and defending the DOD information networks.

The service teams will become what Cybercom Commander Army
Gen. Keith B. Alexander described June 12 in written testimony before the Senate
Appropriations Committee as the command’s cyber mission forces, organized into
national mission teams, combat mission teams and cyber protection teams.

“The idea of defending the nation in cyberspace is just like
it is in other domains,” Rosenbach explained. “If there’s a very significant
attack that’s launched against the United States, it’s the department’s mission
to stop that attack.”

The main role of the combat mission forces, he added, “is to
support the Combatant Commands in their missions and to support contingency
operations when directed by senior civilian leaders.”

A contingency operation is one in which members of the armed
forces become involved in military actions, operations or hostilities against an
enemy of the United States or against an opposing force, according to Title 10
of the U.S. Code.

Rosenbach said the job of cyber protection teams will be to
defend DOD’s information networks against all attacks.

“A lot of credit should go to Cybercom leadership for
figuring out a structure that would work,” the deputy assistant secretary noted.

Below the large team framework is a smaller team framework,
and then specific positions that drive training, standards and exercise
requirements for everything Cybercom will do within its mission areas, Rosenbach
said. The teams are not completely in place, “but Cybercom has a very good plan
within the next few years of getting everyone there trained to standard and
operational,” he added.

“It’s going to take time to find and train the right people
and get them out there, and also for us to become more confident with the
doctrine and the way doctrine works compared to the way the threat is evolving,”
Rosenbach said. “We’re doing all these things at once, which makes it very
interesting on one hand and very complicated on the other.”

DOD also has made progress in updating the standing rules of
engagement for cyber, which had more to do with information technology and
network security than operating in cyberspace when they were put in place in
2005, the deputy assistant secretary said.

“It’s important to remember that standing rules of engagement
are about defense and defending either your unit or the country or something in
particular, like critical infrastructure,” Rosenbach said. “Very often, you’ll
see in the press people confusing these standing rules of engagement with
something that has to do with offensive cyber operations, but that’s not the
case.”

Rules of engagement always are classified to keep such
knowledge from adversaries, he noted, “but the intellectual work and process
work is complete now, and it’s very close to the official signature.”

The department’s process for establishing standing rules of
engagement is closely intertwined with the process for creating a presidential
policy directive on cyber operations, Rosenbach said, referring to the
classified PPD-20 issued by the White House in October and then leaked to the
media this month. But in an unclassified fact sheet released Oct. 16, the White
House described PPD-20 as a classified policy that, among other things, does the
following:

-- Takes into account the evolution of the threat and growing
experience with the threat;

-- Establishes principles and processes for using cyber
operations so cyber tools are integrated with the full array of national
security tools; and

-- Provides a whole-of-government approach consistent with
values promoted domestically and internationally and articulated in the
International Strategy for Cyberspace.

“It is our policy,” the fact sheet states, “that we shall
undertake the least action necessary to mitigate threats and that we will
prioritize network defense and law enforcement as preferred courses of action.”

In Senate Appropriations Committee testimony June 12,
Cybercom Commander Army Gen. Keith B. Alexander referred to the presidential
policy directive. “Last fall, the departments negotiated and the president
endorsed a broad clarification of the responsibilities of the various
organizations and capabilities operating in cyberspace,” he said. The Cybercom
commander added that the clarification revised “the procedures we employ for
ensuring that, in the event of a cyber incident of national significance, we are
prepared to act with all necessary speed in a coordinated and mutually
supporting manner.”

Rosenbach called the policy an important step forward for the
administration and the government.

“It was a very intense yearlong effort to sharpen the
decision-making process for deciding when to use cyber operations,” he said.
“That includes getting a better conceptual idea of what is offense and what is
defense, and it’s the framework you would use to decide when those types of
operations are appropriate.”

Rosenbach stressed that offensive operations in cyberspace
would be extremely rare and would depend on specific situations. Such a decision
is made by the president in very unique cases, he added, “and some of the
criteria would be outlined in the presidential directive. “But a very small
number of cases would ever be under consideration,” he said.